You Had a Cyber Incident – Will Your Cyber Insurance Pay?

We all hope that we will never have to file an insurance claim and that, if we do, the claim will not be rejected. The ever-expanding cyber threat landscape calls both of these hopes into question. Will your cyber insurance pay your claim?

Cyber insurance has evolved from being implicitly covered under General Liability (GL) to a completely separate and highly nuanced policy. It is critical to understand the scope of coverage and the policy's covenants.

In the face of lawsuits, insurers have been under pressure to provide more clarity about what, if any, cyber risks may be covered or excluded under a GL policy. Insurers and brokers are now more likely to steer customers to specialized cyber insurance policies that address the unique exposures associated with cyber events.

Cyber insurance itself has been a rapidly evolving field, struggling to keep up with the advancing cyber threat landscape. “Chasing” the latest cyber threats in a policy that is in place for one year appears to be a losing proposition. This inability to keep up with malicious actors is being addressed by an increased focus on the operational impact of the insurable cyber incident, subject to exclusions and conditions.

It is the insurance policy’s covenants – the insured’s obligations under the policy – that are often overlooked. Simply put, if the insured fails to meet the coverage requirements, the insurer has the right to reject future claims. The covenants sections of cyber coverage have expanded and now cover security monitoring, log collection, access control, regular comprehensive assessments, etc. In addition, cyber policies now include expanded reporting requirements and call for an ongoing dialogue between insurer and insured.

The seemingly bespoke nature of today’s cyber coverage does open a door to negotiating a custom policy, which may result in a lower price in exchange for fewer controls and limited coverage. This tradeoff, however, needs to be evaluated and quantified.

To minimize the possibility of a non-covered cyber incident, it pays to understand your cyber coverage requirements and include them in every security evaluation. If a requirement is not met, it is important to agree with your insurer on the time to cure the deficiency. Failure to meet these requirements may render your cyber policy worthless.

Non-Profits' Dueling Realities - How Microsoft Can Help Manage Non-Profits' Existential Inner Conflict

Non-profits are often perceived as simpler organizations, but in reality they can be far more complex than profit-driven companies.

Efficient delivery of a non-profit’s mission requires precision, operational excellence, discipline, and nimble and effective management, all best achieved via a corporate structure. But this construct must allow for ample expression of passion for the non-profit’s cause, thus creating an existential conflict and a need for a delicate balancing act of corporate order against free-spirited enthusiasm. Achieving and maintaining this balance can often affect the very survival of a non-profit.

The path to achieving this balance is via a supportive culture empowered by expertly designed processes. Microsoft's cloud framework, with its wealth of diverse interconnected tools, is unique in its ability to power up operational processes while allowing generous freedom for individual enthusiasm and innovation.

To unleash this awesome power of Microsoft’s cloud toolset, organizations should seek a technology partner who appreciates this need for structure, respects and even admires the underlying passion, and can translate these diverging requirements into competently designed, cohesive, and seamless applications.

Microsoft seems to have redefined the widely accepted vision of the dueling realities of non-profits by offering a reliable operational structure for empowering innovation and channeling creative passions, a highly progressive approach to building a modern non-profit organization.

Microsoft Launches Cybersecurity Services - How Customers and Microsoft Developers Are Impacted

Microsoft last week confirmed what many already realized: Microsoft is one of the largest diversified providers of cyber security solutions and services. In making the industry's "hunch" official, Microsoft validated how critical well-developed, multifaceted cyber security expertise is to the success of an application provider. A provider of end-user solutions can no longer succeed in the market without weaving cyber security considerations into every aspect of the application development life cycle.

Microsoft launches Security Experts services, boosting security spend (cnbc.com)

Gartner identifies Cybersecurity Mesh as the second top 2022 technology trend after Data Fabric. According to Gartner, “Cybersecurity mesh is a flexible, composable architecture that integrates widely distributed and disparate security services”. As the cybersecurity focus shifts to protecting data at source, data in transit, and user touch points, application architecture and design play an increasingly vital role in bringing to life application frameworks that are cyber robust and easily defendable, and that can be monitored in real time and adjusted quickly and/or in an automated fashion in response to threats. All this needs to happen without impacting the user's interaction with the application. Consequently, developer success will increasingly depend on integrating robust security expertise into the application development process.

The other side of this prediction is also true – no cybersecurity firm will succeed without a thorough and nuanced understanding of data, data fabric, and user experience. Microsoft’s vast trove of user and application knowledge will, undoubtedly, make it a much more informed and sophisticated cybersecurity fighter than many pure cybersecurity players. The knowledge of how a modern application is constructed and brought to life will become an indispensable component of cybersecurity analysis and architecture planning.

And clients? Clients are likely to start requiring that their development partners demonstrate cyber security knowledge alongside their understanding of client operations. If a proposed application cannot be built as inherently cybersecure, a client might consider looking for a more cybersecurity-aware application development partner.